WHAT IS CLAIMED IS: 



1. A method of community access control in a Multi-Community Node (MCN), said 
method comprising: 

receiving a request for access to an object; 

permitting access to said object in response to detecting said request is from a 

user, wherein a user community set (UCS) of said user is a superset of an 
object community set (OCS) of said object; and 

permitting access to said object in response to detecting said request is from a 
process, wherein an application process community set (ACS) of said 
process is a superset of said OCS. 

2. The method of claim 1, wherein said object is an operating system controlled 
resource. 

3. The method of claim 2, wherein said object is selected from the group consisting of a 
file system, a storage volume, a directory, a file, a record, a memory region, a queue, a 
pipe, a socket, a port, or an input/output device. 

4. The method of claim 1, wherein the initial owner of said object is the creator of said 
object. 

5. The method of claim 1, further comprising permitting an owner of said object to 
designate a first user as a new owner of said object, in response to detecting a UCS of 
said first user is a superset of said OCS. 

6. The method of claim 1, further comprising allowing a first process to change said 
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OCS of said object to a subset of said ACS of said first process, in response to 
detecting an owner of said first process is an owner of said object and said ACS is a 
superset of said OCS. 



7. The method of claim 1 , further comprising consulting a Community Information Base 
(CIB). 

8. The method of claim 7, wherein said CIB includes a UCS for each user of said MCN, 
an ACS for application on said MCN, and an OCS for each object residing within 
said MCN. 

9. The method of claim 8, wherein said CIB further includes a creator and a current 
owner for each object residing within said MCN. 

10. A Multi-Community Node (MCN) comprising: 

a processing unit configured to receive a request for access to an object, wherein 
said processing unit is configured to permit access to said object in 
response to detecting said request is from a user, wherein a user 
community set (UCS) of said user is a superset of an object community set 
(OCS) of said object, and wherein said processing unit is configured to 
permit access to said object in response to detecting said request is from a 
process, wherein an application process community set (ACS) of said 
process is a superset of said OCS; and 

a community information base. 

11. The MCN of claim 10, wherein said object is an operating system controlled resource. 

12. The MCN of claim 11, wherein said object is selected from the group consisting of a 
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file system, a storage volume, a directory, a file, a record, a memory region, a queue, a 
pipe, a socket, a port, or an input/output device. 

13. The MCN of claim 10, wherein the initial owner of said object is the creator of said 
object. 

14. The MCN of claim 10, wherein said processing unit is further configured to permit an 
owner of said object to designate a first user as a new owner of said object, in 
response to detecting a UCS of said first user is a superset of said OCS. 

15. The MCN of claim 10, wherein said processing unit is further configured to allow a 
first process to change said OCS of said object to a subset of said ACS of said first 
process, in response to detecting an owner of said first process is an owner of said 
object and said ACS is a superset of said OCS. 

16. The MCN of claim 10, wherein said CIB includes a UCS for each user of said MCN, 
an ACS for application on said MCN, and an OCS for each object residing within 
said MCN. 

17. The MCN of claim 16, wherein said CIB further includes a creator and a current 
owner for each object residing within said MCN. 

18. A computer system comprising: 

a computer network; and 

a multi-community node (MCN) coupled to said computer network, wherein said 
MCN comprises: 

a processing unit configured to receive a request for access to an object, 
wherein said processing unit is configured to permit access to said 
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object in response to detecting said request is from a user, wherein 
a user community set (UCS) of said user is a superset of an object 
community set (OCS) of said object, and wherein said processing 
unit is configured to permit access to said object in response to 
detecting said request is from a process, wherein an application 
process community set (ACS) of said process is a superset of said 
OCS; and 

a community information base. 

19. The computer system of claim 18, wherein said object is an operating system 
controlled resource. 

20. The computer system of claim 19, wherein said object is selected from the group 
consisting of a file system, a storage volume, a directory, a file, a record, a memory 
region, a queue, a pipe, a socket, a port, or an input/output device. 

21. The computer system of claim 18, wherein the initial owner of said object is the 
creator of said object. 

22. The computer system of claim 18, wherein said processing unit is further configured 
to permit an owner of said object to designate a first user as a new owner of said 
object, in response to detecting a UCS of said first user is a superset of said OCS. 

23. The computer system of claim 18, wherein said processing unit is further configured 
to allow a first process to change said OCS of said object to a subset of said ACS of 
said first process, in response to detecting an owner of said first process is an owner 
of said object and said ACS is a superset of said OCS. 

24. The computer system of claim 18, wherein said CIB includes a UCS for each user of 
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said MCN, an ACS for application on said MCN, and an OCS for each object residing 
within said MCN. 

25. The computer system of claim 24, wherein said CDB further includes a creator and a 
current owner for each object residing within said MCN. 

26. A carrier medium comprising program instructions, wherein said program instructions 
are executable to: 

receive a request for access to an object; 

permit access to said object in response to detecting said request is from a user, 

wherein a user community set (UCS) of said user is a superset of an object 
community set (OCS) of said object; and 

permit access to said object in response to detecting said request is from a process, 
wherein an application process community set (ACS) of said process is a 
superset of said OCS. 

27. The carrier medium of claim 26, wherein said object is an operating system controlled 
resource. 

28. The carrier medium of claim 27, wherein said object is selected from the group 
consisting of a file system, a storage volume, a directory, a file, a record, a memory 
region, a queue, a pipe, a socket, a port, or an input/output device. 

29. The carrier medium of claim 26, wherein the initial owner of said object is the creator 
of said object. 

30. The carrier medium of claim 26, wherein said program instructions are further 
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executable to permit an owner of said object to designate a first user as a new owner 
of said object, in response to detecting a UCS of said first user is a superset of said 
OCS. 

31. The carrier medium of claim 26, wherein said program instructions are further 
executable to allow a first process to change said OCS of said object to a subset of 
said ACS of said first process, in response to detecting an owner of said first process 
is an owner of said object and said ACS is a superset of said OCS. 

32. The carrier medium of claim 26, wherein said program instructions are further 
executable to consult a Community Information Base (CIB). 

33. The carrier medium of claim 32, wherein said CIB includes a UCS for each user of 
said MCN, an ACS for application on said MCN, and an OCS for each object residing 
within said MCN. 

34. The carrier medium of claim 33, wherein said CIB further includes a creator and a 
current owner for each object residing within said MCN. 
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